The RISKS Digest
Volume 16 Issue 18

Tuesday, 21st June 1994

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Physical Location via Cell Phone
Derek Atkins
RF Interference
unattributed alt.shenanigans item via Elana
EDI mail storm
Cheryl Berthelsen via Brian D. Renaud
Re: Campaigns and Elections
Peter J. Denning
Re: Airframe Safety
Bill Murray
Mark Staler
Andy Dingley
Tom Lane
Shopping Risks...
Philip R. Banks
Info on RISKS (comp.risks)

Physical Location via Cell Phone

Derek Atkins <warlord@MIT.EDU>
Sun, 19 Jun 94 01:32:47 EDT
I'm sure many people have heard this already, even though it only happened
yesterday (Friday, 17 June).  I'm sure most people have heard about O.J.
Simpson [he was charged with a double murder], and Friday evening he took a
long drive around the LA Highway system.  Police said that they discovered his
location (and even his very car) through the use of the Cellular Phone system.

The RISKS are obvious: Being able to locate someone just by their cell phone,
and by extension, just keeping a cell-phone turned on transmits enough
information to be located.  For example, if anyone carries a Digital Personal
Communicator (DPC), or other such flip-top cell phones, or any cell phone, for
that matter, they can be physically tracked, basically, anywhere in the
country through the cellular phone system.

And as the cells get smaller, the location detail gets better.  What
will happen when we have micro-cellular phones, a cell for every
building, or even a cell for every office!  Think about the level of
personal tracking that can be done with this level of detail!

-derek


a risk from alt.shenanigans of all places (!!!)

Elana Who? <elana@netcom.com>
Sun, 19 Jun 1994 02:18:02 GMT
     [No, I did NOT make this post up!!!   Elana]

>From alt.shenanigans...

scott.baldwin@castles.com (Scott Baldwin) writes:
>M>because we tend to get blamed for any interference unless we can find
>M>the actual source!)
>M>Radio direction finding is fun...

>  We used to do this all the time as well!  HF radios of course.  What I
>found to be pleasing, is this old VW Bug (about a '63 I think) would
>always be going down the freeway during the afternoon at the same time I
>would be going to work.  I heard that if you had high enough RF power
>you could disturb the electric fuel pump, so I tried this one day using
>a 600 Watt PEP amp and keyed an AM carrier, and what did I see???

>  A VW bug slowing down and starting to pull over >:)  I did this for an
>entire week... hehe!


EDI mail storm

Brian D. Renaud <brena@hcia.com>
Fri, 17 Jun 94 11:14 EDT
[Seen on the Health Information Management Listserv — Brian]

Date: Thu, 16 Jun 94 23:04:54 -0500
From: Cheryl Berthelsen <cherylb@fiona.umsmed.edu>
Subject: IS THE WHAT EDI IS ALL ABOUT?

The following article was published today in the Jackson Clarion-Ledger.
Is this what Electronic billing does for us?  Are the Medicare fiscal
intermediary software programs for claims processing really that stupid?


WOMAN GETS THE MESSAGE, OK?

Dorothy Joyce's mailman brought her 131 letters in one visit, and
none of it was junk mail.  All were from one correspondent:  MEDICARE.
"The postman said, 'Lady, I've never delivered so much mail to one person
before,'" Joyce, 77, said.  Each envelope contained four notices concerning
Joyce's claim for a $29.97 doctor's visit.  Each cost 46 cents to mail; the
government spent $60.26 to tell Joyce her claim was invalid.

After her May 17 visit to Dr. Samual P. Robinson's Gulfport office, Robinson's
computer notified Medicare's computer that Joyce had been there.  And kept on
notifying, said Margaret Brundidge, a clerk with Travelers Insurance Co.
Medicare office in Jackson.

Cheryl Berthelsen, PhD,  Assistant Professor, Univ. of Mississippi Medical
Center, School of Health Related Professions (SHRP), Jackson, MS 39216


Re: Campaigns and Elections (Agre, RISKS-16.12)

Peter J. Denning <pjd@cne.gmu.edu>
Fri, 17 Jun 94 12:51:23 EDT
Phil Agre recently said he found it "scary" that some political campaigners
are apparently tailoring political ads to probable interests of individuals,
based on extracts from available databases.  He is, however, describing an
activity that is already happening with advertising in general.  I don't
understand the grounding for his assessment that tailored political ads are
"scary".  Few of us like the telemarketers who call at dinner and seem to know
things about us, but most people would call this "annoying" not "scary".

Peter Denning


Airframe Safety

William Hugh Murray <0003158580@mcimail.com>
Thu, 16 Jun 94 17:27 EST
If I recall correctly, this thread began when someone asserted that AI
aircraft were just too unsafe for him.  I remember thinking at the time
that that was a "nationalist" position not supported by facts.  One set of
facts looks something like this:

>DC-9/MD-80       2065       68         3.29
>Boeing 727       1831       62         3.39
>Boeing 737       2515       57         2.27
>Boeing 747       988        22         2.23
>DC-10            446        21         4.71
>Airbus A300/310  636        7          1.10
>Airbus A320      411        4          0.97

According to this data a rational person might actually prefer AI airframes.

Based upon the data a rational person would certainly prefer the A320 to,
let us say the B727.  However, based upon public perception, one would
certainly prefer the B727.  The 727 enjoys a well-deserved public
reputation for safety.  On the other hand, those of us who have been adults
since the 727 was introduced remember that early in their use they fell out
of the sky like hail stones.  In response to a number of crash landings the
operations manual was changed.  The landing configuration was changed from
nose-down low-revs to nose-high high-revs.  That change contributed greatly
to the enviable safety record of the 727.

Based upon the data above, one might prefer the A320 to the DC10.  On the
other hand, the data could be very misleading.  The DC10s, having been around
a great deal longer, may have lost far fewer airframes per operation.

(Besides, I like to fly on DC10s.  In many configurations, they are the most
comfortable planes in the air.  I do not pretend to be completely rational.
If I were, I would certainly prefer any of these planes to my car.)

My point is that, given the sizes of the (Ns) numbers above and given what
they measure, it is simply not possible to make a rational choice between
the planes.  It probably is not possible even to rationally prefer them to
automobiles.

I make my living trying to help my clients make rational and safe choices
in areas where there is all too much data about the consequences of an
event and all too little about the rates of occurrence.  Given the
statistical significance of this data,  I doubt that I could change the
client's life expectancy by more than a few seconds, one way or the other,
by making a systematic choice between those planes, on that or any other
available data, even if she took a flight every day.

Taken across the entire population likely to fly on those planes, I could
do a tiny bit better.  However, I could not do sufficiently better to
justify public policy.  I sympathize with those charged with doing so.

There seems to be a political demand, or at least an  expectation,  in our
current culture for zero risk.  The real world does not work that way.

William Hugh Murray    New Canaan, Connecticut 06840


Flighty statistics

<stalzer@macaw.hrl.hac.com>
Thu, 16 Jun 1994 13:01:03 +0800
In RISKS-16.16 p.mellor@csr.city.ac.uk presented the following data:
>Aircraft         No. in     Hulls      % Losses
>Type             Service    Lost
>
>DC-9/MD-80       2065       68         3.29
>Boeing 727       1831       62         3.39
>Boeing 737       2515       57         2.27
>Boeing 747       988        22         2.23
>DC-10            446        21         4.71
>Airbus A300/310  636        7          1.10
>Airbus A320      411        4          0.97

Unfortunately, there is no way to interpret this data. Maybe the
DC-10s were flown several times a day and the A320s were parked.
You must supply miles flown vs. hulls lost, or, even better yet,
hops vs. hulls lost (since most accidents happen in takeoff/landing).

Mark Stalzer  stalzer@macaw.hrl.hac.com


Airbus Risks

Andy Dingley <dingbat@codesmth.demon.co.uk>
Thu, 16 Jun 94 21:27:58 GMT
On a lighter note, this discussion of Airbus RISKS reminds me of an article in
Flight International a few years ago, on the Airbus and its software problems.

The Airbus has many new software-related systems, and had many teething
troubles with them. Navigation systems were mentioned as problematic, as were
the concerns about fly-by-wire. The crucial problems, as far as operations
were concerned, weren't about any of these high profile systems; they were
about something as mundane as the computer controlled lavatory valves. If you
have a navigational failure, the co-pilot needs to get their manual plotter
and charts out again, but you can still fly on. OTOH, a plane full of a few
hundred incontinent pensioners on their way to Tenerife isn't going *anywhere*
unless the toilets are working !

Andy Dingley     Codesmiths of Newcastle     dingbat@codesmth.demon.co.uk


How to lie with statistics (Re: Does it matter why A3??'s have a poor record?)

Tom Lane <tgl@netcom.com>
Sat, 18 Jun 94 20:50:15 -0700
Pete Mellor <pm@csr.city.ac.uk> writes:
> The following table shows the number of crashes per hull in service for
> different aircraft types.

I can't believe that anyone would propose such numbers as a useful measure
of safety.  The Airbus models are much newer than the ones they are being
compared to.  727s, for instance, are quite old (most of 'em are
approaching retirement, are they not?) and would have seen many more
flights than A3xx craft.  The low rates reported for A3xx probably just
reflect the youth of the fleet.

I would find loss rates per mile flown, or perhaps per departure, far more
credible.  Anyone have that data?

tom lane


Shopping Risks...

<banksie@khantazi.actrix.gen.nz>
Sat, 18 Jun 1994 13:40:01 +1200
   I am sure most people reading the RISKS DIGEST have been bitten by the
automated supermarket checkout machines. However, having been bitten recently,
I believe it bears repeating.

   It has been a weekly routine with my family to help my mother on thursday
nights do the shopping. Normally we take along a list, a calculator and
generally have a fairly good chat while we take care of the groceries. Now the
supermarket we shop at has a checkout system based on a barcode scanner that
they pass the goods over to tot the price up. We double check the price using
the calculator by adding up the shelf listed prices as we procure the items
from the shelf.

   But in over two years of doing this we have *never* had a calculator result
that tallied exactly with the given price. Often this can be explained as
human error but the supermarket has an array of interesting tricks that often
account for this difference.

1) Not listing the price. Anywhere. This is often the case in the bread
section.

2) Listing the *wrong* price. Several times we have bought a product that has
been listed at one price and has rung up on the checkout counter at another
price. Usually we only spot the difference once we have returned home and
tried to identify why the calculator result was out. Invariably the price
change is in the supermarket's favour.

3) Double scanning products. That way it gets rung up twice and you get charged
twice for the one product.

4) The bar code information is for the wrong product. Presumably data entry
errors occur and the bar code on the product you are buying is linked to the
wrong price data.

Now I am not suggesting that any of these practices are deliberate but it is
easy to see why supermarkets are not terribly keen to stamp out such problems.
All it requires is a hundred or so errors, a week, like this to occur and the
supermarket accrues, on average, another $300 of profit. (Our average
difference is usually around the $3 mark.)

   What makes it worse is that alot of the supermarket staff believe the
computer to be infallible and incapable of error. When I assure them that, due
to my profession of programming the things, I know very well that they can go
wrong it a large number of ways they almost invariably remain dubious of my
assertion.

   The risks are fairly clear. It is worthwhile double checking the price you
get charged for your groceries. While the system itself is fairly reliable it
naturally cannot cope with the human error side of things due to faulty use or
data entry into the system.

Philip R. Banks  Syntax: mail < banks_p@kosmos.wcc.govt.nz >

Please report problems with the web pages to the maintainer

x
Top